We're installing locally-written Splunk apps via puppet and are curious what the proper permissions for a user-written app under $SPLUNK_HOME/etc/apps should be. The Splunk gui does things as its defaults, which I hope are the correct default case. Is what it does (or what we should do) documented someplace?
Note I do 'not' want to set permissions via the Splunk administrative gui. The questions is what the Unix permissions should be for files in a locally-written app under $SPLUNK_HOME/etc/apps. Thanks.
Here's how i did it (passes app certification on add-on builder now):
find /opt/splunk/etc/apps/myApp/ -type d | xargs chmod 755 $_
find /opt/splunk/etc/apps/myApp/ -type f | xargs chmod 644 $_
find /opt/splunk/etc/apps/myapp/bin/ -type f | xargs chmod 655 $_
chmod 600 /opt/splunk/etc/apps/myapp/app.manifest
chmod 644 /opt/splunk/etc/apps/myapp/README.txt
and here is what i ended up with
[splunk@ip-172-31-40-93 TA-webtools]$ ls -al *
-rw------- 1 splunk splunk 1046 Aug 21 16:06 app.manifest
-rw-r--r-- 1 splunk splunk 56 Aug 14 10:36 README.txt
appserver:
total 0
drwxr--r-- 4 splunk splunk 37 Aug 21 12:37 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
drwxr--r-- 5 splunk splunk 38 Aug 21 12:37 static
drwxr--r-- 2 splunk splunk 23 Aug 21 15:39 templates
bin:
total 92
drwxr--r-- 3 splunk splunk 4096 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rwxr-xr-x 1 splunk splunk 4607 Aug 21 14:09 curl_inputs.py
-rwxr-xr-x 1 splunk splunk 10082 Aug 21 11:18 curl.py
-rwxr-xr-x 1 splunk splunk 2269 Aug 21 14:09 input_module_curl_inputs.py
-rwxr-xr-x 1 splunk splunk 1969 Aug 21 15:10 input_module_curl_inputs.pyc
-rwxr-xr-x 1 splunk splunk 7337 Aug 21 15:39 input_module_test_port_input.py
-rwxr-xr-x 1 splunk splunk 2329 Aug 21 15:39 input_module_test_port_input.pyc
-rwxr-xr-x 1 splunk splunk 2305 Aug 21 15:10 input_module_test_port.pyc
drwxr--r-- 20 splunk splunk 4096 Aug 21 12:37 ta_webtools
-rwxr-xr-x 1 splunk splunk 462 Aug 21 15:39 ta_webtools_declare.py
-rwxr-xr-x 1 splunk splunk 711 Aug 21 15:39 ta_webtools_declare.pyc
-rwxr-xr-x 1 splunk splunk 2231 Aug 21 15:39 TA_webtools_rh_curl_inputs.py
-rwxr-xr-x 1 splunk splunk 746 Aug 21 15:39 TA_webtools_rh_settings.py
-rwxr-xr-x 1 splunk splunk 2070 Aug 21 15:39 TA_webtools_rh_test_port_input.py
-rwxr-xr-x 1 splunk splunk 2064 Aug 21 15:10 TA_webtools_rh_test_port.py
-rwxr-xr-x 1 splunk splunk 4345 Aug 21 15:39 test_port_input.py
-rwxr-xr-x 1 splunk splunk 3721 Aug 21 12:23 testport.py
-rwxr-xr-x 1 splunk splunk 1969 Aug 21 10:15 urlencode.py
default:
total 16
drwxr--r-- 3 splunk splunk 114 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 146 Aug 24 16:37 addon_builder.conf
-rw-r--r-- 1 splunk splunk 1325 Aug 21 10:20 app.conf
-rw-r--r-- 1 splunk splunk 819 Aug 21 11:50 commands.conf
drwxr--r-- 3 splunk splunk 16 Aug 14 10:36 data
-rw-r--r-- 1 splunk splunk 11 Aug 21 15:39 ta_webtools_settings.conf
local:
total 20
drwxr--r-- 2 splunk splunk 95 Aug 24 10:49 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 586 Aug 21 16:06 app.conf
-rw-r--r-- 1 splunk splunk 309 Aug 21 15:39 inputs.conf
-rw-r--r-- 1 splunk splunk 341 Aug 21 14:23 props.conf
-rw-r--r-- 1 splunk splunk 555 Aug 21 15:39 restmap.conf
-rw-r--r-- 1 splunk splunk 647 Aug 21 15:39 web.conf
metadata:
total 8
drwxr--r-- 2 splunk splunk 44 Aug 21 14:23 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 125 Aug 14 10:36 default.meta
-rw-r--r-- 1 splunk splunk 367 Aug 21 14:23 local.meta
README:
total 12
drwxr--r-- 2 splunk splunk 99 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 78 Aug 14 10:36 addon_builder.conf.spec
-rw-r--r-- 1 splunk splunk 249 Aug 21 15:39 inputs.conf.spec
-rw-r--r-- 1 splunk splunk 21 Aug 21 15:39 ta_webtools_settings.conf.spec
static:
total 24
drwxr--r-- 2 splunk splunk 94 Aug 21 10:14 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 4831 Aug 21 16:06 appIcon_2x.png
-rw-r--r-- 1 splunk splunk 4831 Aug 21 16:06 appIconAlt_2x.png
-rw-r--r-- 1 splunk splunk 2099 Aug 21 16:06 appIconAlt.png
-rw-r--r-- 1 splunk splunk 2099 Aug 21 16:06 appIcon.png
Here's how i did it (passes app certification on add-on builder now):
find /opt/splunk/etc/apps/myApp/ -type d | xargs chmod 755 $_
find /opt/splunk/etc/apps/myApp/ -type f | xargs chmod 644 $_
find /opt/splunk/etc/apps/myapp/bin/ -type f | xargs chmod 655 $_
chmod 600 /opt/splunk/etc/apps/myapp/app.manifest
chmod 644 /opt/splunk/etc/apps/myapp/README.txt
and here is what i ended up with
[splunk@ip-172-31-40-93 TA-webtools]$ ls -al *
-rw------- 1 splunk splunk 1046 Aug 21 16:06 app.manifest
-rw-r--r-- 1 splunk splunk 56 Aug 14 10:36 README.txt
appserver:
total 0
drwxr--r-- 4 splunk splunk 37 Aug 21 12:37 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
drwxr--r-- 5 splunk splunk 38 Aug 21 12:37 static
drwxr--r-- 2 splunk splunk 23 Aug 21 15:39 templates
bin:
total 92
drwxr--r-- 3 splunk splunk 4096 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rwxr-xr-x 1 splunk splunk 4607 Aug 21 14:09 curl_inputs.py
-rwxr-xr-x 1 splunk splunk 10082 Aug 21 11:18 curl.py
-rwxr-xr-x 1 splunk splunk 2269 Aug 21 14:09 input_module_curl_inputs.py
-rwxr-xr-x 1 splunk splunk 1969 Aug 21 15:10 input_module_curl_inputs.pyc
-rwxr-xr-x 1 splunk splunk 7337 Aug 21 15:39 input_module_test_port_input.py
-rwxr-xr-x 1 splunk splunk 2329 Aug 21 15:39 input_module_test_port_input.pyc
-rwxr-xr-x 1 splunk splunk 2305 Aug 21 15:10 input_module_test_port.pyc
drwxr--r-- 20 splunk splunk 4096 Aug 21 12:37 ta_webtools
-rwxr-xr-x 1 splunk splunk 462 Aug 21 15:39 ta_webtools_declare.py
-rwxr-xr-x 1 splunk splunk 711 Aug 21 15:39 ta_webtools_declare.pyc
-rwxr-xr-x 1 splunk splunk 2231 Aug 21 15:39 TA_webtools_rh_curl_inputs.py
-rwxr-xr-x 1 splunk splunk 746 Aug 21 15:39 TA_webtools_rh_settings.py
-rwxr-xr-x 1 splunk splunk 2070 Aug 21 15:39 TA_webtools_rh_test_port_input.py
-rwxr-xr-x 1 splunk splunk 2064 Aug 21 15:10 TA_webtools_rh_test_port.py
-rwxr-xr-x 1 splunk splunk 4345 Aug 21 15:39 test_port_input.py
-rwxr-xr-x 1 splunk splunk 3721 Aug 21 12:23 testport.py
-rwxr-xr-x 1 splunk splunk 1969 Aug 21 10:15 urlencode.py
default:
total 16
drwxr--r-- 3 splunk splunk 114 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 146 Aug 24 16:37 addon_builder.conf
-rw-r--r-- 1 splunk splunk 1325 Aug 21 10:20 app.conf
-rw-r--r-- 1 splunk splunk 819 Aug 21 11:50 commands.conf
drwxr--r-- 3 splunk splunk 16 Aug 14 10:36 data
-rw-r--r-- 1 splunk splunk 11 Aug 21 15:39 ta_webtools_settings.conf
local:
total 20
drwxr--r-- 2 splunk splunk 95 Aug 24 10:49 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 586 Aug 21 16:06 app.conf
-rw-r--r-- 1 splunk splunk 309 Aug 21 15:39 inputs.conf
-rw-r--r-- 1 splunk splunk 341 Aug 21 14:23 props.conf
-rw-r--r-- 1 splunk splunk 555 Aug 21 15:39 restmap.conf
-rw-r--r-- 1 splunk splunk 647 Aug 21 15:39 web.conf
metadata:
total 8
drwxr--r-- 2 splunk splunk 44 Aug 21 14:23 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 125 Aug 14 10:36 default.meta
-rw-r--r-- 1 splunk splunk 367 Aug 21 14:23 local.meta
README:
total 12
drwxr--r-- 2 splunk splunk 99 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 78 Aug 14 10:36 addon_builder.conf.spec
-rw-r--r-- 1 splunk splunk 249 Aug 21 15:39 inputs.conf.spec
-rw-r--r-- 1 splunk splunk 21 Aug 21 15:39 ta_webtools_settings.conf.spec
static:
total 24
drwxr--r-- 2 splunk splunk 94 Aug 21 10:14 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 4831 Aug 21 16:06 appIcon_2x.png
-rw-r--r-- 1 splunk splunk 4831 Aug 21 16:06 appIconAlt_2x.png
-rw-r--r-- 1 splunk splunk 2099 Aug 21 16:06 appIconAlt.png
-rw-r--r-- 1 splunk splunk 2099 Aug 21 16:06 appIcon.png
UDPATE: Its README not README.txt that is created by the AoB, but i've been using this post over and over again since we wrote it. Works great.
755 for bin and 744 for all other directories
From the Unix perspective it's all uniform. Should look like -
splnkdvl@host:/opt/splunk/etc/apps/app_name
$ ll
total 16
drwx--x--x. 2 splnkdvl group_name 4096 Dec 16 2015 bin
drwx--x--x. 3 splnkdvl group_name 4096 Dec 16 2015 default
drwx------. 2 splnkdvl group_name 4096 Dec 16 2015 local
drwx--x--x. 2 splnkdvl group_name 4096 May 27 17:50 metadata
The fine access administration is really at the Splunk application level documented at Step 5: Set permissions
No, ignore the step 5 stuff, that's not relevant. I'm asking about unix permissions on the filesystem only.
More detail - I'm trying to permit shared group-write for development where a developer could ssh into the search-head and build their app via some combination of manual editing and using the gui to build dashboards etc. If they stay all gui for their development, the app works, but the group and world permissions are getting reset by the gui 'save' actions to something other than the state the tree started with (in general, the group-write gets removed, sometimes even group-read). If they work all interactively in an editor, the app doesn't always work due to needing service resets all the time if they edit any .conf files or the like.
So I'm trying to dig into what the 'unix' filesystem permissions are supposed to be in $SPLUNK_HOME/etc/apps/myappname
Also, the permissions there differ a lot for unix and mac variants of splunk, which I can't explain either. Is there a way to reverse engineer what the splunk gui is setting when you hit 'save' ?